Dragon Ppt Maker.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward PowerPoint generator; its main risk is a demo mode that saves to a hard-coded Desktop-style path.

Safe to install for creating PPTX files, with normal caution around PyPI dependencies. Prefer passing your own --output path, and avoid the --openclaw demo if you do not want it to write to its built-in Desktop-style filename.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The function writes output to a hard-coded Desktop path without user confirmation or parameterization. In an agent or automated execution context, this can cause unintended file creation, privacy issues, or overwriting of user data in a sensitive user directory, especially if run under another user's account or with elevated privileges.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal